From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 6 Sep 2024 12:29:18 +0000 (+0200)
Subject: virconf: Fix numeric overflow when parsing numbers in conf files
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=8666523b7d0891c38a7c9c138c4cc318eddfefeb;p=libvirt.git

virconf: Fix numeric overflow when parsing numbers in conf files

The number is parsed manually without making sure it'll fit.

Fixes: 3bbac7cdb67
Closes: https://gitlab.com/libvirt/libvirt/-/issues/671
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/util/virconf.c b/src/util/virconf.c
index 8fdf40e9d0..da07af178d 100644
--- a/src/util/virconf.c
+++ b/src/util/virconf.c
@@ -347,6 +347,12 @@ virConfParseLong(virConfParserCtxt *ctxt, long long *val)
         return -1;
     }
     while ((ctxt->cur < ctxt->end) && (g_ascii_isdigit(CUR))) {
+        if (l > LLONG_MAX / 10) {
+            virConfError(ctxt, VIR_ERR_OVERFLOW,
+                         _("numeric overflow in conf value"));
+            return -1;
+        }
+
         l = l * 10 + (CUR - '0');
         NEXT;
     }